Publications

Please note the following papers are in PDF format. You will need the latest version of Adobe Reader to view them.

  • Exploring Below the Surface of the GIFAR Iceberg

    Reported at Black Hat 2008, GIFARs uses the concept of combining files such as a GIF images and a Java Archives (JAR) to enable malicious code execution. This paper explores GIFARs and the possible threats they expose.

    Download Paper (PDF 1.1MB)

    • Information Security Standards: The Australian Business Perspective

    Standards can greatly assist organisations in the pursuit of effective Information Security policies and procedures. But which ones are right for you?

    This paper explores Information Security standards relevant to the Australian and New Zealand contexts, with the goal of giving the reader a better understanding of the use and positioning of each standard. As this document is written as a guide with Australian and New Zealand organisations in mind, it will examine both international (ISO) and national (AS/NZS) documents.

    Download Paper (PDF 94KB)

  • Information Warfare: Computer Network Defence Strategies

    This paper was published at the Fifth Test and Evaluation International Aerospace Forum Information Technology, Test and Evaluation (T&E) for Combined Operations, held in London UK 13-15 July 2004. (www.raes.org.uk)

    This paper describes network vulnerabilities and provides an understanding of Computer Network Defence (CND) Strategies that seek to safeguard against attacks.

    Download Paper (PDF 137KB)

    • Information Operations: The Impact on C4I Systems

    This paper was presented at the Association of Old Crows (AOC) International Symposium and Exhibition 2004 held in Adelaide on 16-17 February 2004. The paper describes the interactions between Information Operations and Command, Control, Communications, Computers and Intelligence (C4I) Systems and related security implications.

    This paper describes network vulnerabilities and provides an understanding of Computer Network Defence (CND) Strategies that seek to safeguard against attacks.

    Download Paper (PDF 62KB)

    Download Slides (PDF 42KB)

  • Three Minutes to be Owned

    This paper describes how EWA's InfoSec Team conducted a test, and within three minutes of connecting the test laptop to the Internet it was attacked and compromised by a worm.

    Download Paper (PDF 64KB)

    • I am not a Target

    This paper describes the dependence upon the Internet which makes companies vulnerable to security exploits as the Internet is uncontrolled and insecure.

    Download Paper (PDF 70KB)

  • What's all this .Biz-Ness About Security?

    This paper discusses, a number of new TLDs released on the Internet; domains such as .info, .tv, .name and .biz are rapidly establishing a presence. As a result of this, there has been significant debate over the need to increase the range of TLDs.

    Download Paper (PDF 77k)